Tinc Remote Start Script
#!/usr/bin/python | |
# __author__="ihciah" | |
# Call this script from the DDNS update script
import hmac, base64, struct, hashlib, time, requests, sys | |
# Base32-encoded shared secret the one-time code is derived from
# (OTP.get_hotp_token b32decodes it). It is embedded in the script and has
# to equal the server's KEY; keep a real value out of version control.
CONNECT_KEY = "ABCDABCDABCDABCD"
START_ADDRESS = "https://inner-proxy-server.ihc.im:23333/start-tinc"
STOP_ADDRESS = "https://inner-proxy-server.ihc.im:23333/stop-tinc"
# Upper-cased command word from argv[1] -> endpoint that main() requests.
CONNECT_ADDRESS = {"START": START_ADDRESS, "STOP": STOP_ADDRESS}
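class OTP:
    """Six-digit HOTP/TOTP generator (RFC 4226 / RFC 6238, HMAC-SHA1).

    ``secret`` is the base32 text shared with the server; both ends derive
    the same code from the current 30-second interval and the client sends
    it in the ``Auth`` header of the start/stop request.
    """

    def __init__(self, secret):
        # Base32 text, case-insensitive; decoded on every get_hotp_token call.
        self.secret = secret

    def get_hotp_token(self, intervals_no):
        """Return the 6-digit HOTP code for counter value *intervals_no*.

        HMAC-SHA1 over the big-endian 64-bit counter, dynamic truncation at
        the offset given by the low nibble of the last digest byte, then the
        low 31 bits of that word mod 10**6, zero-padded to six characters.
        """
        key = base64.b32decode(self.secret, True)
        msg = struct.pack(">Q", intervals_no)
        digest = hmac.new(key, msg, hashlib.sha1).digest()
        # Slice instead of indexing so the byte reads the same way on
        # Python 2 (str element) and Python 3 (bytes element is already int).
        offset = ord(digest[19:20]) & 15
        word = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7fffffff
        return str(word % 1000000).zfill(6)

    def get_totp_token(self, t=None):
        """Return the TOTP code for Unix time *t* (default: the current time).

        ``None`` is resolved at call time. A ``t=time.time()`` default is
        evaluated once when the class is defined, so a long-lived process
        would keep producing the token from when the module was imported.
        """
        if t is None:
            t = time.time()
        return self.get_hotp_token(int(t) // 30)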
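def main():
    """CLI entry: ``script (start|stop)`` sends an authenticated GET to the matching endpoint.

    The TOTP derived from CONNECT_KEY travels in the ``Auth`` header; the
    server's response body is echoed to stdout so the caller can tell an
    ``OK!`` from a 403. Prints usage and returns on a bad command line.
    """
    if len(sys.argv) != 2 or sys.argv[1].upper() not in ("START", "STOP"):
        print("Usage: %s (start|stop)" % sys.argv[0])
        return
    action = sys.argv[1].upper()
    # Fresh token per request. The bounded timeout keeps a cron/DDNS hook
    # from hanging forever when the proxy host is unreachable.
    req = requests.get(
        CONNECT_ADDRESS[action],
        headers={"Auth": OTP(CONNECT_KEY).get_totp_token()},
        timeout=30,
    )
    print(req.content)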
# Run the CLI only when executed directly, not when imported for the OTP class.
if __name__ == "__main__":
    main()
#!/usr/bin/python | |
# __author__="ihciah" | |
# Requires twisted and pyOpenSSL
import hmac, base64, struct, hashlib, time, os
import sys
import traceback

from OpenSSL.SSL import Context, TLSv1_METHOD
from twisted.internet import reactor
from twisted.web import resource
from twisted.web import server as webserver
# Base32-encoded shared TOTP secret; must equal the client's CONNECT_KEY.
# It is embedded in the script, so keep a real value out of version control.
KEY = "ABCDABCDABCDABCD"
# TLS listener port used by reactor.listenSSL in main().
HTTP_PORT = 23333
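class OTP:
    """Six-digit HOTP/TOTP generator and validator (RFC 4226 / RFC 6238, HMAC-SHA1).

    ``secret`` is the base32 text shared with the client; ``validate``
    accepts the code for the previous, current and next 30-second interval.
    """

    def __init__(self, secret):
        # Base32 text, case-insensitive; decoded on every get_hotp_token call.
        self.secret = secret

    def get_hotp_token(self, intervals_no):
        """Return the 6-digit HOTP code for counter value *intervals_no*.

        HMAC-SHA1 over the big-endian 64-bit counter, dynamic truncation at
        the offset given by the low nibble of the last digest byte, then the
        low 31 bits of that word mod 10**6, zero-padded to six characters.
        """
        key = base64.b32decode(self.secret, True)
        msg = struct.pack(">Q", intervals_no)
        digest = hmac.new(key, msg, hashlib.sha1).digest()
        # Slice instead of indexing so the byte reads the same way on
        # Python 2 (str element) and Python 3 (bytes element is already int).
        offset = ord(digest[19:20]) & 15
        word = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7fffffff
        return str(word % 1000000).zfill(6)

    def get_totp_token(self, t=None):
        """Return the TOTP code for Unix time *t* (default: the current time).

        ``None`` is resolved at call time. A ``t=time.time()`` default is
        evaluated once when the class is defined, so this long-running
        server would otherwise validate against the token of its start time.
        """
        if t is None:
            t = time.time()
        return self.get_hotp_token(int(t) // 30)

    def validate(self, authcode):
        """Return True if *authcode* equals the TOTP of the previous, current or next interval.

        The +/-30 s window tolerates clock skew between client and server.
        The shape check up front only rejects values that no generated token
        could ever equal (tokens are always six ASCII digits); the actual
        comparison is constant-time and every candidate is compared so the
        work done does not reveal which one matched.
        """
        if not isinstance(authcode, str) or len(authcode) != 6:
            return False
        if not set(authcode) <= set("0123456789"):
            return False
        now = time.time()
        candidates = [self.get_totp_token(now + skew) for skew in (-30, 0, 30)]
        matches = [hmac.compare_digest(token, authcode) for token in candidates]
        return any(matches)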
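class HTTPServer(resource.Resource):
    """Leaf resource that starts or stops the ``sugar`` tinc daemon on request.

    ``GET /start-tinc`` and ``GET /stop-tinc`` are honoured only when the
    ``Auth`` header carries a TOTP valid for KEY; any other path or a bad
    code gets 403. The shell commands are fixed strings, so no part of the
    request reaches the shell. Exit codes of tincd are ignored on purpose:
    the kill before a start fails harmlessly when no daemon is running.
    """

    isLeaf = True

    # Exact request path -> commands run in order once the caller is authenticated.
    _ACTIONS = {
        '/start-tinc': ("/usr/sbin/tincd -n sugar -k", "/usr/sbin/tincd -n sugar"),
        '/stop-tinc': ("/usr/sbin/tincd -n sugar -k",),
    }

    def validate(self, authcode):
        """Return True when *authcode* is a currently valid TOTP for KEY."""
        return OTP(KEY).validate(authcode)

    def render_GET(self, request):
        """Answer 200 "OK!" after running the action, 403 otherwise, 500 on an internal error."""
        try:
            commands = self._ACTIONS.get(request.uri)
            if commands is not None:
                auth = request.getHeader('Auth')
                if auth and self.validate(auth):
                    for command in commands:
                        os.system(command)
                    return "OK!"
            request.setResponseCode(403)
            return "403 Forbidden"
        except Exception:
            # A bare except returning None made twisted report a bad render
            # result; answer with an explicit 500 instead of hiding the failure.
            request.setResponseCode(500)
            return "500 Internal Server Error"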
class ContextFactory:
    """Hands a pre-built pyOpenSSL Context to reactor.listenSSL.

    main() builds one Context and wraps it here; presumably twisted asks
    for it through getContext(), which always returns that same object.
    """

    def __init__(self, context):
        self.context = context  # the single Context this factory serves

    def getContext(self):
        """Return the Context given at construction."""
        return self.context
def main():
    """Serve HTTPServer over TLS on HTTP_PORT until the reactor stops.

    Certificate chain and private key are loaded from fixed paths under
    /etc/ssl/ihc. NOTE(review): Context(TLSv1_METHOD) pins the listener to
    TLS 1.0; current clients may refuse that handshake.
    """
    cert_path = "/etc/ssl/ihc/crt"
    key_path = "/etc/ssl/ihc/key"
    tls_context = Context(TLSv1_METHOD)
    tls_context.use_certificate_chain_file(cert_path)
    tls_context.use_privatekey_file(key_path)
    site = webserver.Site(HTTPServer())
    reactor.listenSSL(HTTP_PORT, site, ContextFactory(tls_context))
    reactor.run()
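if __name__ == '__main__':
    try:
        main()
    except Exception:
        # Swallowing everything here turned a failed start (missing cert or
        # key, port already bound) into a silent exit 0; report it and fail
        # loudly so a supervisor can notice.
        traceback.print_exc()
        sys.exit(1)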